Stories by Lucian Constantin

FortiGuard SSH backdoor found in more Fortinet security appliances

Network security vendor Fortinet has identified an authentication issue that could give remote attackers administrative control over FortiSwitch, FortiAnalyzer and FortiCache devices.

Google creates fix for zero-day kernel flaw, says effect on Android is greatly exaggerated

Google has developed a patch for a recently reported vulnerability in the Linux kernel and shared it with Android manufacturers.

Cisco fixes critical flaws in digital encoder, unified computing manager and security appliance

Cisco released security updates to fix a hard-coded root password in its Modular Encoding Platform D9036 and a vulnerable CGI script in the Cisco Unified Computing System (UCS) Manager and the Cisco Firepower 9000 Series appliances.

Privacy-conscious users rejoice: You can now use Facebook's Android app over Tor

Facebook has added the option to route traffic from its Android mobile app over the Tor anonymity network.

Serious flaw patched in Intel Driver Update Utility

A software utility that helps users download the latest drivers for their Intel hardware components contained a vulnerability that could have allowed man-in-the-middle attackers to execute malicious code on computers.

Advocacy group calls on health-care industry to adopt medical device security principles

Advocacy group I Am the Cavalry is urging organizations that manufacture and distribute medical devices to adopt a cybersecurity version of the Hippocratic Oath.

Linux kernel flaw endangers millions of PCs, servers and Android devices

A three-year-old vulnerability in the Linux kernel could have allowed attackers to take full control over Linux-based PCs, servers, Android phones and other embedded devices.

Advantech industrial serial-to-Internet gateways wide open to unauthorized access

Specialized gateway devices made by Advantech that are used around the world in industrial environments to connect legacy serial equipment to TCP/IP and cellular networks can be accessed with any password.

OpenSSH patches information leak that could expose private SSH keys

A vulnerability in OpenSSH clients could expose users' private SSH keys to rogue or compromised servers.

Hyatt hackers hit payment processing systems, scooped cards used at 250 locations

Hacker managed to compromise payment cards used at 250 Hyatt Hotels locations from around 50 countries after infecting the company's payment processing systems with malware.

Cisco fixes unauthorised access flaws in access points, wireless LAN controllers

Cisco Systems released critical security updates for several products, including access points and wireless LAN controllers, in order to fix vulnerabilities that could give remote attackers access to devices.

Android banking malware SlemBunk is part of a well-organized campaign

The SlemBunk Android Trojan that targets mobile banking users has evolved into a hard-to-detect threat, researchers from FireEye found.

Microsoft fixes critical flaws in Windows, Office, Edge, IE and other products

Microsoft released critical fixes for remote code execution flaws in Windows, Office, Edge, Internet Explorer, Silverlight and Visual Basic.

Faulty ransomware renders files unrecoverable, even by the attacker

A hacker has built a ransomware program based on proof-of-concept code released online, but messed up the implementation resulting in victims' files being completely unrecoverable.

New remote access Trojan Trochilus used in cyberespionage operations

A cyberespionage group was found using a new remote access Trojan dubbed Trochilus whose detection rate was very low among antivirus products.